Fedora reexamines "trusted boot"
Posted Jul 3, 2011 12:13 UTC (Sun) by alonz
In reply to: Fedora reexamines "trusted boot"
Parent article: Fedora reexamines "trusted boot"
I'm afraid I have to disagree with you, at least partially…
For example, you write
> It may not prevent compromise but the idea is it can reveal it through remote attestation
Here you are assuming that the main purpose of the system is access to some (single!) remote service, which can perform the attestation often enough to matter. But this isn't the case for most modern uses, especially when even “connected” devices often use cellular (= intermittent) connections.
> The idea is that the signing process continues after boot and no code is run without first being checked
This assumes a completely closed software ecosystem—which, again, is far from the normal case in almost all modern use-cases.
The concepts of “trusted boot” looked OK on paper, in the context of early security research (which dealt with monolithic managed systems, when software distributions were small and organizations were large). But they don't fit most modern use cases.
to post comments)